Supply Chain Analysis: From Quartermaster to SunshopFireEye Labs

Executive Summary

Many seemingly unrelated cyber attacks may, in fact, be part of a broader offensive fueled by a shared development and logistics infrastructure - a finding that suggests some targets are facing a more organized menace than they realize.

This report examines 11 advanced persistent threat (APT) campaigns targeting a wide swath of industries. Though they appeared unrelated at first, further investigation uncovered several key links between them: the same malware tools, the same elements of code, binaries with the same timestamps, and signed binaries with the same digital certificates.

Taken together, these commonalities point to centralized APT planning and development. How prevalent this model has become is unclear. But adopting it makes financial sense for attackers, so the findings may imply a bigger trend.

This report focuses on two key findings:
* Shared development and logistics
* A shared malware-builder tool